The truth is that many firms simply don't have the staff and budget needed to support an internal SOC. They also don't have the budget for an MSSP. With that, Mike Rothman of Securosis noted that these firms are "trapped on the hamster wheel of pain, reacting without sufficient visibility, but without time to invest in gaining that much-needed visibility into threats without diving deep into raw log files".
In my experience it is not the budget but the politics.
Is your company's security worth the expense of an additional tech? Or are office politics the reason you cannot get an additional tech?
Does whomever is in charge of your technology have the authority to say "no" to requests from other departments? And the political capital to make it stick?
I've seen too many examples of companies "suffering" from the problems their own decisions/environment created.
Retrofitting security is not the answer.